Common use of IT Operations Security Policy Clause in Contracts

IT Operations Security Policy. Contractor shall provide for review by County its written standards for operational security for any facilities where County data, staff or systems shall exist. These documents shall include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections.  Data Management Security Policy. Contractor shall provide its policy for the safeguarding and management of all data provided by the County or accessed as part of system integration testing and maintenance. This policy shall, at a minimum, cover check-in, check-out, copy control, audit logs and separation of duties.  Security Incident Notification and Management Process. Contractor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The Contractor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the Contractor shall:  Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX).  Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the vendor’s other customers.  Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration.  Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services.  Provide the County with any annual audit summaries and certifications, including but not limited to ISO or SOX audits.  Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis.

IT Operations Security Policy. Contractor shall provide for review by County its written standards for operational security for any facilities where County data, staff or systems shall exist. These documents shall include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections.  ▪ Data Management Security Policy. Contractor shall provide its policy for the safeguarding and management of all data provided by the County or accessed as part of system integration testing and maintenance. This policy shall, at a minimum, cover check-in, check-out, copy control, audit logs and separation of duties.  ▪ Security Incident Notification and Management Process. Contractor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The Contractor shall be held liable to the time-time- tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the Contractor shall:  ▪ Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX).  BINTI INC. FOR WEB APPLICATION FOR RESOURCE FAMILY APPROVAL ▪ Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the vendor’s other customers.  ▪ Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration.  ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services.  ▪ Provide the County with any annual audit summaries and certifications, including but not limited to ISO or SOX audits.  ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis.

IT Operations Security Policy. Contractor shall provide for review by County its written standards for operational security for any facilities where County data, staff or systems shall exist. These documents shall include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections.  ▪ Data Management Security Policy. Contractor shall provide its policy for the safeguarding and management of all data provided by the County or accessed as part of system integration testing and maintenance. This policy shall, at a minimum, cover check-in, check-out, copy control, audit logs and separation of duties.  ▪ Security Incident Notification and Management Process. Contractor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The Contractor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the Contractor shall:  ▪ Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX).  ▪ Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the vendor’s other customers.  ▪ Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration.  ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services.  ▪ Provide the County with any annual audit summaries and certifications, including but not limited to ISO or SOX audits.  ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis.